package com.dongdongshop.shril;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

@Configuration
public class ShiroConfig {

    /**
     * 创建 ShiroFilterFactoryBean 对象
     * @return
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Autowired DefaultWebSecurityManager defaultWebSecurityManager){
        //创建 ShiroFilterFactoryBean 对象，shiro的过滤器
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
        //配置shiro内置过滤器
        Map<String,String> filterMap = new LinkedHashMap<>();//存取有序
        /*
         * anon :不需要登录就能访问的路径
         * authc:必须登录才能访问
         * perms:登录后也不行，还得跟我们设置的权限一样才能访问
         * */
        filterMap.put("/","anon");
        filterMap.put("/register","anon");
        filterMap.put("/login","anon");
        filterMap.put("/sellerController/registerSeller","anon");
        //配置注销登录
        filterMap.put("/auth/logout","logout");
        filterMap.put("/img/**","anon");
        filterMap.put("/css/**","anon");
        filterMap.put("/plugins/**","anon");
        filterMap.put("/**","authc");// /**表示一层或者多层 如/userController/list
        //自定义登录页面
        shiroFilterFactoryBean.setLoginUrl("/");

        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
        return shiroFilterFactoryBean;
    }


    /**
     * 创建 DefaultWebSessionManager用来管理用户主体的 subject
     * @return
     */
    @Bean
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Autowired UserRealm userRealm){
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        //关联自定义的realm
        defaultWebSecurityManager.setRealm(userRealm);
        return defaultWebSecurityManager;
    }

    //shior的加密使用的是哈希算法 + 盐值加密 我们只需要给他 盐 和加盐的次数 说明加密方式即可

    /**
     * 实例化自定义的Realm对象
     * @return
     */
    @Bean
    public UserRealm getUserRealm(){
        UserRealm userRealm = new UserRealm();
        //设置加密方式 ,加密的算法
        userRealm.setCredentialsMatcher(hashedCredentialsMatcher());
        return userRealm;
    }


    /**
     * 设置 hash算法
     * @return
     */
    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher(){
        //创建对象
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        //指定加密方式,可以自定义hash算法。MD2、MD5、SHA-1、SHA-256、SHA-384、SHA-512、etc。
        hashedCredentialsMatcher.setHashAlgorithmName("MD5");
        //设置加密的次数
        hashedCredentialsMatcher.setHashIterations(1); //相当于 MD5(MD5(123))
        //设置hex编码格式 true 表示加密使用hex编码 false 表示加密使用base64编码
        hashedCredentialsMatcher.setStoredCredentialsHexEncoded(true);
        return hashedCredentialsMatcher;
    }


    /**
     * 配置  ShiroDialect , 用于thymeleaf和shiro标签配合使用
     */
    @Bean
    public ShiroDialect getShiroDialect(){
        return new ShiroDialect();
    }
}
